Test ID:	1.3.6.1.4.1.25623.1.0.900097
Category:	Windows : Microsoft Bulletins
Title:	Microsoft DirectShow RCE Vulnerability
Summary:	Microsoft DirectShow is prone to a remote code execution (RCE) vulnerability.;; This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900588.
Description:	Summary: Microsoft DirectShow is prone to a remote code execution (RCE) vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900588. Vulnerability Insight: Microsoft DirectShow fails to handle supported QuickTime format files. This could allow code execution if a user opened a specially crafted QuickTime media file when a user is logged on with administrative user rights. Vulnerability Impact: Attacker who successfully exploit this flaw could take complete control of an affected system. Affected Software/OS: DirectX 7.0 8.1 and 9.0* on Microsoft Windows 2K DirectX 9.0 on Microsoft Windows XP and 2K3 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1537 BugTraq ID: 35139 http://www.securityfocus.com/bid/35139 Cert/CC Advisory: TA09-195A http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://isc.sans.org/diary.html?storyid=6481 Microsoft Security Bulletin: MS09-028 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 http://osvdb.org/54797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237 http://www.securitytracker.com/id?1022299 http://secunia.com/advisories/35268 http://www.vupen.com/english/advisories/2009/1445 http://www.vupen.com/english/advisories/2009/1886
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.